10up/10up-experience

Provide more information in the Password Protected Posts warning

benlk opened this issue · 0 comments

benlk commented

Is your enhancement related to a problem? Please describe.

10up-experience/includes/classes/PostPasswords/PostPasswords.php

Line 67 in 14c8794

<p class="description"><?php esc_html_e( 'Enables password protected content. WordPress default password protected post functionality is insecure and does not work with page caching.', 'tenup' ); ?></p>

Screenshot 2023-10-12 at 15 13 27

It would be nice if this warning changed to suit the context of the site where the plugin is deployed:

  • Is there a known-incompatible page-caching layer or host in use? If so, say so
  • Is there a known-safe host/cache in use? If so, say so

It would also be nice to link to details of the known insecurity.

Designs

No response

Describe alternatives you've considered

I'm also:

  • asking for more advice in Slack
  • searching the docs of the host for the site where I'm currently considering enabling this setting

But I figure it would be nice to capture the information and advice in the admin where the setting is, or at least in this repo.

Code of Conduct

  • I agree to follow this project's Code of Conduct